Database Reference
In-Depth Information
Application Connection Registry Table
We will create a table (see Listing 10-18) to hold the object each application provides, as a RAW data type.
It needs to be less than 2K to be stored as a RAW , so developers shouldn't expand on the template class
that we provide to them. Along with each object, we will store a binary large object ( BLOB ) data type that
holds a list of the associated connection strings.
It is difficult to index and select on RAW or BLOB types, as you might imagine. So we are going to index
on the class name and class version as VARCHAR2 data types. These identifiers can be garnered from the
object, so we never pass them: passing the object is sufficient for us to find out who the application is
claiming to be.
Setting the table of Oracle connection strings (the BLOB ) is not a one-time occurrence; they can be
updated. So we include an update_dt column in our table to keep track of that. We use the empty_blob()
directive to allocate a BLOB locator address by default, pointing at no particular BLOB, but an address
nonetheless—not a null.
Listing 10-18. Application Connection Registry Table
CREATE TABLE appsec.t_app_conn_registry
(
class_name VARCHAR2(2000) NOT NULL,
class_version VARCHAR2(200) NOT NULL,
class_instance RAW(2000),
update_dt DATE DEFAULT SYSDATE,
connections BLOB DEFAULT EMPTY_BLOB()
);
Note You can find this script in the file named Chapter10/AppSec.sql .
We create an index and primary key on class_name and class_version , not shown. We also create a
view of this table for regular reference.
A Set of Connection Strings for an Application
On the client side, we are going to handle our table of connection strings as a HashMap , which we will call
connsHash . You must assure that it is marked private so only the OracleJavaSecure class can see it. Here
is the declaration:
private static HashMap <String, RAW> connsHash = null;
We will have exchanged keys with the Oracle database, so we can receive this table of connection
strings encrypted with the shared password key. We will only decrypt them as needed, creating a
connection and then freeing the connection string for garbage collection (retaining no class member
reference to it.) Note that until the garbage collector runs (automatically, self-scheduling), the clear-text
connection string will be in the machine memory, but not easily retrieved, even with a debugger.
A HashMap is a Collection class that has a key and value relationship. It is like a two-column table
with unique keys and associated values. Both the keys and values are Java objects, not primitives. In this
case, our keys are Strings , and our values are RAWs . Specifically, our RAW values are the encrypted form of
 
Search WWH ::




Custom Search